Privacy Policy

1. Introduction

We are very pleased about your interest in our company.

Personal data is any information relating to an identified or identifiable person. Pseudonymous data that we cannot assign to you directly, e.g. via a name or email address, is also personal data.

Because the protection of your personal data is of great importance to us, we provide you with this Privacy Policy to inform you about the nature, scope, and purpose of the personal data we process and your rights as a data subject.

At the end of this Privacy Policy, you will find, under the section "Definitions," various explanations of the terminologies used.

The data controller for the processing of personal data is:

herpa print Werben und Kennzeichnen GmbH

Niedermiebach 71
53804 Much

Tel.: +49 (22 45) 91 63-0
EMail: info@herpa-print.de

The external corporate data protection officer (DPO) is:

dokuworks GmbH

Mr. Markus Weber
Birlenbacher Str. 20
57078 Siegen

Tel.: +49 271 77237-60
Email: datenschutz@doku.works

If you have any questions or suggestions regarding data protection, please feel free to contact us as the data controller or our data protection officer at any time.

2. Data Subject Rights

You may exercise the following rights with respect to your personal data:

  • Right to Information (Art. 15 GDPR)
  • Right to Rectification (Art. 16 GDPR) or Deletion (Art. 17 GDPR)
  • Right to Restriction of Processing (Art. 18 GDPR)
  • Right to Data Portability (Art. 20 GDPR)
  • Right to Object to Processing (Art. 21 GDPR)

If you request information from us, we will inform you in accordance with data protection regulations whether and what data we have collected from you. Our goal is always to ensure current and error-free data collection. If incorrect information has nevertheless been recorded, we will correct it promptly upon a corresponding request.

To do so, please send us a request to: datenschutz@doku.works

In addition to exercising your rights with us, you also have the right to lodge a complaint with a supervisory authority if you suspect a violation of data protection regulations (Art. 77 GDPR).

3. Data Transfer to Third Countries

We only transfer or process data to countries outside the scope of the GDPR (so-called third countries) if you consent to this processing or other legal permission exists. This applies in particular if the processing is required by law or necessary to fulfill a contractual relationship and in any case only to the extent that this is generally permitted.

If data is processed outside the EU/EEA and there is no data protection level corresponding to the European standard, we conclude EU standard contractual clauses in conjunction with a Transfer Impact Assessment (TIA) with corresponding service providers to establish an appropriate level of data protection.

With regard to data transfer to US companies, the transatlantic data protection agreement (so-called Data Privacy Framework) came into force on July 10, 2023; also known as “Privacy Shield 2.0”. This means that - under certain conditions - the use of tracking/analysis and marketing tools with data transfer to the USA is permitted again. In order for a US company to be considered a secure data recipient and comply with the principles of the Data Privacy Framework, it must undergo a self-certification process by the US Department of Commerce (DoC). This self-certification requires a company to submit a series of documents. If these are complete, the organization is added to the DPF list (short for “Data Privacy Framework”) and is considered self-certified according to the requirements of the new data protection framework.

Data processing by US services that are not active participants in the EU-US Data Privacy Framework may result in data not being processed and stored anonymously. Furthermore, US government authorities may be able to access individual data. In addition, data collected may be linked to data from other services of the same provider if you have a corresponding user account. Where possible, we try to use server locations within the EU if this is offered.

4. Privacy Notice for Business Partners

We are delighted that you have shown an interest in herpa print Werben und Kennzeichnen GmbH and have been in contact with us.

The protection of your data is of utmost importance to us. With this privacy notice, we provide you with the following information in accordance with Article 13 of the General Data Protection Regulation (GDPR) regarding the processing of your personal data in the context of our business relationship.

For additional information about our company, details about our authorized representatives, and further contact options, please visit https://www.herpa-print.de/impressum.html

What data do we process and for what purposes?

We only process personal data that we have received from you as part of our business relationship or, if applicable, from publicly available sources.

Personal data as defined by Article 4(1) of the General Data Protection Regulation (GDPR) may include names, telecommunications data, and address data. In addition, we also process offer, inquiry, and order data, data related to the fulfillment of our contractual obligations, product data, documentation data, as well as other data comparable to the mentioned categories.

The provision of your personal data is necessary for the initiation, implementation and processing of the contractual relationship. If it is not provided, it will unfortunately not be possible for us to contact you to clarify pre-contractual or contractual questions.

What is the legal basis for processing your personal data?

Your personal data is processed in accordance with the legal provisions of the GDPR and the new version of the Federal Data Protection Act to fulfill contractual obligations or to take measures to initiate a contract (Art. 6 Para. 1 S. 1 lit. b GDPR).

In addition, we may use this data for additional purposes as part of our business relationship.

How long is the data stored?

We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods such as for example the Commercial Code or Tax Code.

Who is the data passed on to and where is it processed?

We only use the personal data for our own purposes as part of the business relationship.

5. Applicant Management

The person responsible for processing collects and processes the personal data of applicants for the purpose of processing the application process. Processing can also take place electronically. This is particularly the case if an applicant submits relevant application documents to the person responsible for processing electronically, for example by email or via a web form on the website. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal regulations.

The legal basis for this processing is Section 26 Paragraph 1 Sentence 1 BDSG in conjunction with Article 88 Paragraph 1 GDPR.

If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the rejection decision is announced, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis in this case is Article 6 Paragraph 1 Letter f GDPR and Section 24 Paragraph 1 No. 2 BDSG. Our legitimate interest lies in legal defense and enforcement.

If you expressly consent to a longer storage of your data, for example for your inclusion in an applicant or interested party database, the data will be further processed based on your consent. The legal basis is then Article 6 Paragraph 1 Letter a GDPR. Of course, you can revoke your consent at any time in accordance with Art. 7 Para. 3 GDPR by notifying us with effect for the future.

6. Data protection when visiting our website

Type and purpose of processing:

When you access our website uponu.com, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted, usually after one week:

  • IP-address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved file
  • Website from which access is made (Referrer URL)
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider

The data mentioned will be processed in particular for the following purposes:

  • Ensuring problem-free connection to the website
  • Ensuring smooth use of our website
  • Evaluation of system security and stability
  • Clarification of any abusive page access (DoS/DDoS attacks or similar)
  • Optimization of our website

We do not use your data to draw conclusions about you personally. We reserve the right to do this in the event that this becomes necessary to investigate abusive page access. We generally evaluate information of this type anonymously and statistically in order to optimize our website and the technology behind it.

Legal basis and legitimate interest:

Processing is carried out in accordance with Article 6 Paragraph 1 Letter f of the GDPR based on our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Storage period:

The data will be deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data used to provide the website when the respective session has ended.

If the data is stored in log files, this is usually the case after one week. Storage beyond this is possible. In this case, the users' IP addresses are anonymized so that it is no longer possible to assign the calling client.

Provision Required or Mandatory:

The provision of the aforementioned personal data is neither legally nor contractually required. However, without providing your IP address, the service and functionality of our website cannot be guaranteed. Additionally, certain services and features may not be available or may be limited. For this reason, objections to providing this data are not possible.

7. Hosting

We host the content of our website with the following provider:

Host Europe GmbH
c/o WeWork
Friesenplatz 4
50672 Köln

Telefon: +49 221 99999 301
Telefax: +49 221 99999 350
E-Mail: info@hosteurope.de

Details can be found in Host Europe GmbH privacy policy:

https://www.hosteurope.de/en/terms-and-conditions/privacy/

The legal basis for hosting is our legitimate interest in the most reliable presentation of our website (pursuant to Art. 6 para. 1 lit. f GDPR). Insofar as a corresponding consent has been obtained, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

8. Use of Cookies and Tools

Cookies are small text files placed on your device that collect data that can later be read by a web server in the domain that placed the cookie.

Our website uses cookies and similar technologies to provide users with a more user-friendly service, to analyze the performance of our products and for other legitimate purposes.

The data subject can prevent the setting of cookies through our website at any time by means of an appropriate setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

A distinction can be made between the following types of cookies:

Technically Necessary Cookies

Technically necessary cookies are those that secure the basic functions of the website, enabling its operation. This is solely about technical necessity, not economic aspects.

The legal basis for this is our legitimate interest in providing a functioning website, as per Article 6(1)(f) GDPR, or compliance with a legal obligation as per Article 6(1)(c) GDPR.

For the aforementioned purposes, we use the services of the third parties listed below, who are responsible for the data processing that takes place via their respective service in accordance with Art. 4 (7) GDPR. Further information on data processing by these providers and your rights as a data subject can be found in the providers' privacy policies linked below:

  • Usercentrics Consent Management Platfom (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany)

https://usercentrics.com/privacy-policy/

  • Google Fonts (local Hosting) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://policies.google.com/privacy

This site uses so-called web fonts provided by Google for the standardised display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you are using must establish a connection to our server. Your data will not be passed on to Google in this way. The use of Google Web Fonts is in the legitimate interest of a uniform and appealing presentation of our online offers within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font will be used by you computer.

Statistics cookies, marketing cookies and functional cookies

Statistical cookies help website owners understand how visitors interact with websites by anonymously collecting and reporting information.

Marketing cookies store user information regarding the visited website. This data is used, for example, to display personalized ads based on user interests, optimize offers, recognize the user, or simplify website usage.

The legal basis for this is your consent, according to Article 6(1)(a) GDPR.

For the purposes mentioned above, we use the services of the following third-party providers, who are responsible for data processing that occurs through their respective services, as defined in Article 4(7) GDPR. You can find further information about data processing by these providers and your rights as a data subject in the privacy policies of the providers linked below:

  • Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://policies.google.com/privacy?hl=de

  • Google Advertising Products (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

www.google.de/intl/de/policies/privacy/

  • Google Analytics 4 (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://policies.google.com/privacy?hl=de
https://support.google.com/analytics/answer/12017362?hl=de

  • Google Tag Manager (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://www.google.com/policies/privacy/

9. Social Media

Integration of Social Media Buttons

The data controller has integrated components of social media on this website. We use the services of the following third-party providers, who are responsible for data processing that occurs through their respective services, as defined in Article 4(7) GDPR. These providers only collect personal data from you when you click the button and are redirected to the respective page. For further information about data processing by these third-party providers and your rights as a data subject, you can refer to the privacy policies linked below:

  • LinkedIn (LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland) LinkedIn Privacy Policy
  • Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

https://www.instagram.com/legal/privacy/

  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=0-636644030056539000-341535836&rd=1

  • Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

https://www.facebook.com/about/privacy/

Use of Social Media Profiles

For the presentation of our content on a social media profile, we access the technical platform and services of the respective social media providers. As the operator of the social media profile, UPONU GmbH is jointly responsible with the operator of the social network, as defined in Article 4(7) of the General Data Protection Regulation (GDPR). When you visit our social media profile, personal data is processed by the responsible parties. We inform you about the data processed, how it is processed, and your rights regarding this data.

Please note that you use this website and its functions at your own risk. This applies especially to the use of interactive features (e.g., commenting, sharing, rating, etc.). We may use your comments and ratings as an opportunity to respond with our own comments. In doing so, we exercise our legitimate interest in interacting with active users of our profile (Article 6(1)(f) GDPR).

If you have any questions, you may have the option to contact us via personal messages. Your username may be automatically communicated to us in this context. Additional information may be provided voluntarily, especially when contacting us outside of social media. Data processing for the purpose of contacting us is based on your voluntarily given consent in accordance with Article 6(1)(a) GDPR. Personal data processed for contacting us will be automatically deleted after your request has been addressed unless legal retention obligations prevent this (e.g., because a contractual relationship has been established based on your request).

When visiting our social media profile, the provider collects your IP address and other information in the form of cookies on your PC. This information is used to provide us, as the operator of the social media profile, with statistical information about the usage of the website.

The data collected about you in this context by the providers may be processed and potentially transferred to countries outside the European Union. The provider's general data usage policies describe what information the provider receives and how it is used. You can find information on how to contact the provider and how to adjust advertising settings in their data usage policies.

The extent to which providers use data from the visit to social media profiles for their own purposes, the allocation of activities on the websites to individual users, the retention period of this data, and whether data is passed on to third parties are not conclusively and clearly named, and we are not aware of this. When accessing a social media profile, the IP address assigned to your device is transmitted to the provider. This allows the provider to potentially associate IP addresses with individual users. If you are currently logged in as a user with a social media provider, a cookie with your identifier is stored on your device. As a result, the provider can track that you have visited this page and how you have used it. If you want to avoid this, you should log out of the respective social media provider or deactivate the "stay logged in" function, delete the cookies on your device, and restart your browser.

For more information on your rights as a data subject according to the GDPR, please refer to section 2 "Data Subject Rights."

Additional information is available from the provider at the following links:

  • LinkedIn (LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland) LinkedIn Privacy Policy
  • Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

https://www.instagram.com/legal/privacy/

  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=de&visit_id=0-636644030056539000-341535836&rd=1

  • Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

https://www.facebook.com/about/privacy/

10. YouTube with extended data protection

Our website uses plugins from the YouTube website. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

Sobald Sie ein YouTube-Video auf unserer Website starten, wird eine Verbindung zu den Servern von YouTube hergestellt. Dabei wird dem YouTube-Server mitgeteilt, welche unserer Seiten Sie besucht haben. Wenn Sie in Ihrem YouTube-Account eingeloggt sind, ermöglichen Sie YouTube, Ihr Surfverhalten direkt Ihrem persönlichen Profil zuzuordnen. Dies können Sie verhindern, indem Sie sich aus Ihrem YouTube-Account ausloggen.

Des Weiteren kann YouTube nach Starten eines Videos verschiedene Cookies auf Ihrem Endgerät speichern. Mit Hilfe dieser Cookies kann YouTube Informationen über Besucher unserer Website erhalten. Diese Informationen werden u. a. verwendet, um Videostatistiken zu erfassen, die Anwenderfreundlichkeit zu verbessern und Betrugsversuchen vorzubeugen. Die Cookies verbleiben auf Ihrem Endgerät, bis Sie sie löschen.

Gegebenenfalls können nach dem Start eines YouTube-Videos weitere Datenverarbeitungsvorgänge ausgelöst werden, auf die wir keinen Einfluss haben.

Die Nutzung von YouTube erfolgt im Interesse einer ansprechenden Darstellung unserer Online-Angebote. Dies stellt ein berechtigtes Interesse im Sinne von Art. 6 Abs. 1 lit. f DSGVO dar.

Weitere Informationen über Datenschutz bei YouTube finden Sie in deren Datenschutzerklärung unter: http://www.youtube.com/t/privacy_at_youtube.   

11. Contact

If you contact us (e.g. via contact form, chat or email), we will process your information to process the request and in the event that follow-up questions arise.

If the data processing is carried out to carry out pre-contractual measures at your request or, if you are already our customer, to carry out the contract, the legal basis for this data processing is Article 6 Paragraph 1 Sentence 1 Letter b GDPR.

12. Newsletter

If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. To receive the newsletter, it is sufficient to provide an e-mail address.

To send you the newsletter, we use the CleverReach email marketing service from CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This tool enables us to create, manage and send newsletters and measure success. Further information on data protection can be found at https://www.cleverreach.com/en/privacy-policy/.

Registration for our newsletter takes place in a so-called double opt-in procedure, i.e. after registration you will receive an e-mail asking you to confirm your registration. The subsequent confirmation will be logged by us for verification purposes; the time of registration and confirmation will be stored together with your e-mail address.

You can revoke your consent to the use of your title, surname and first name at any time by sending an e-mail datenschutz@herpa-print.de as can a request to unsubscribe from the newsletter.

13. Storage period

Unless specifically stated, we only store personal data for as long as is necessary to fulfill the purposes pursued.

In some cases, the law requires the storage of personal data, for example in tax or commercial law. In these cases, we will only continue to store the data for these legal purposes, but will not process it in any other way and will delete it after the statutory retention period has expired.

14. Definitions

The data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.

Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor

A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

15. Disclosure of Data to Third Parties

We do not transfer your personal data to third parties for purposes other than those listed below. We only disclose your personal data to third parties if:

  • You have given your explicit consent according to Article 6 (1) (a) GDPR.
  • The disclosure is necessary under Article 6 (1) (f) GDPR for the establishment, exercise, or defense of legal claims, and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data.
  • There is a legal obligation to disclose the data under Article 6 (1) (c) GDPR.
  • The disclosure is legally permissible and necessary under Article 6 (1) (b) GDPR for the performance of a contract with you.

16. Data Security

We make every effort to ensure the security of your data in accordance with applicable data protection laws and technological capabilities.

Your personal data is transmitted to us in encrypted form. This applies to your orders and also to customer logins. We use the SSL (Secure Socket Layer) encryption system, but please be aware that data transmission over the Internet (e.g., when communicating via email) may have security vulnerabilities. It is not possible to provide complete protection of data from third-party access.

17. Actuality and change of this Privacy Policy

This Privacy Policy is currently valid and has the status june 2024. Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.

10. Technologies used

Learn more about our company